CWE Lookup Tool

Look up Common Weakness Enumeration (CWE) entries from MITRE's CWE database. View detailed information about software security weaknesses including consequences, mitigations, detection methods, and real-world examples.

CWE Top 25 Most Dangerous Software Weaknesses

CVE records from 2023-2024; 31,770 CVE records analyzed

Biggest Changes from 2023

📈 Most Improved

| CWE ID | Name | Change |
|---|---|---|
| CWE-863 | Incorrect Authorization... | 7 |
| CWE-798 | Use of Hard-coded Credentials... | 5 |
| CWE-918 | Server-Side Request Forgery (SSRF)... | 5 |
| CWE-94 | Improper Control of Generation of Code (... | 5 |
| CWE-22 | Improper Limitation of a Pathname to a R... | 4 |

📉 Most Declined

| CWE ID | Name | Change |
|---|---|---|
| CWE-416 | Use After Free... | 12 |
| CWE-190 | Integer Overflow or Wraparound... | 10 |
| CWE-502 | Deserialization of Untrusted Data... | 4 |
| CWE-77 | Improper Neutralization of Special Eleme... | 4 |
| CWE-78 | Improper Neutralization of Special Eleme... | 3 |

| Rank | CWE ID | Name | Score | CVEs | Avg CVSS |
|---|---|---|---|---|---|
| 1 | CWE-79 | Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) | 45.54 | 4,442 | 6.2 |
| 2 | CWE-787 | Out-of-bounds Write | 43.67 | 3,842 | 7.3 |
| 3 | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) | 34.27 | 1,467 | 8.7 |
| 4 | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) | 24.66 | 819 | 8.6 |
| 5 | CWE-352 | Cross-Site Request Forgery (CSRF) | 23.08 | 345 | 8.3 |
| 6 | CWE-434 | Unrestricted Upload of File with Dangerous Type | 20.26 | 322 | 8.4 |
| 7 | CWE-125 | Out-of-bounds Read | 18.64 | 2,117 | 5.5 |
| 8 | CWE-78 | Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) | 16.44 | 415 | 9.3 |
| 9 | CWE-20 | Improper Input Validation | 15.98 | 2,318 | 6.7 |
| 10 | CWE-862 | Missing Authorization | 15.60 | 1,168 | 7.1 |
| 11 | CWE-476 | NULL Pointer Dereference | 15.34 | 1,625 | 5.8 |
| 12 | CWE-287 | Improper Authentication | 15.15 | 1,117 | 7.0 |
| 13 | CWE-798 | Use of Hard-coded Credentials | 13.84 | 262 | 8.8 |
| 14 | CWE-918 | Server-Side Request Forgery (SSRF) | 13.74 | 306 | 8.6 |
| 15 | CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | 13.60 | 819 | 7.5 |
| 16 | CWE-416 | Use After Free | 12.89 | 1,151 | 7.2 |
| 17 | CWE-863 | Incorrect Authorization | 11.97 | 969 | 6.9 |
| 18 | CWE-94 | Improper Control of Generation of Code (Code Injection) | 11.72 | 436 | 8.3 |
| 19 | CWE-502 | Deserialization of Untrusted Data | 10.29 | 237 | 8.8 |
| 20 | CWE-77 | Improper Neutralization of Special Elements used in a Command (Command Injection) | 9.45 | 208 | 9.3 |
| 21 | CWE-306 | Missing Authentication for Critical Function | 9.38 | 744 | 6.9 |
| 22 | CWE-269 | Improper Privilege Management | 8.92 | 636 | 7.2 |
| 23 | CWE-401 | Missing Release of Memory after Effective Lifetime | 8.70 | 772 | 6.2 |
| 24 | CWE-190 | Integer Overflow or Wraparound | 8.60 | 667 | 6.7 |
| 25 | CWE-522 | Insufficiently Protected Credentials | 8.54 | 283 | 8.0 |

Integration with Security Tools

Link directly to CWE entries from your vulnerability scanners, static analysis tools, or security reports:

URL Format:

https://inventivehq.com/tools/cwe-lookup/cwe-###

Examples: /cwe-732, /cwe-79, /cwe-89

What is Common Weakness Enumeration (CWE)?

Common Weakness Enumeration (CWE) is a comprehensive, community-developed catalog of software and hardware security weakness types maintained by MITRE Corporation. Think of CWE as a dictionary or taxonomy of security flaws - it provides a standardized language for describing the root causes of vulnerabilities in code, design, and architecture.

Unlike CVE (Common Vulnerabilities and Exposures), which identifies specific instances of vulnerabilities in particular products, CWE describes categories of weaknesses that can appear across many different software systems. For example, CWE-79 describes "Cross-site Scripting" as a general weakness type, while thousands of individual CVEs reference CWE-79 as their underlying cause.

Why CWE Matters for Security

For Developers

  • Learn secure coding patterns and avoid common mistakes
  • Understand root causes of security vulnerabilities
  • Access code examples showing vulnerable and secure implementations
  • Configure static analysis tools to detect specific weakness patterns

For Security Teams

  • Map vulnerability scan results to standardized weakness types
  • Prioritize remediation using CWE Top 25 most dangerous weaknesses
  • Create security training programs based on real-world weakness patterns
  • Generate compliance reports with standardized CWE references

CWE Top 25 Most Dangerous Software Weaknesses

The CWE Top 25 is MITRE's annual ranking of the most widespread and critical software weaknesses. The 2024 list is calculated from 31,770 CVE records spanning 2023-2024, providing a data-driven view of the security issues causing the most harm in real-world software.

Use this list to prioritize security training, code review focus areas, and static analysis tool configuration. Organizations that address Top 25 weaknesses see significant reductions in exploitable vulnerabilities.

Top 3 Most Dangerous Weaknesses (2024):

  1. CWE-79: Cross-site Scripting (XSS) - 4,442 CVEs
  2. CWE-787: Out-of-bounds Write - 3,842 CVEs
  3. CWE-89: SQL Injection - 1,467 CVEs

How to Use the CWE Lookup Tool

Direct Linking from Security Tools

Create direct links to CWE entries from vulnerability scan reports, static analysis tools, or security documentation:

https://inventivehq.com/tools/cwe-lookup/cwe-732

The tool automatically handles variations: "CWE-732", "cwe-732", and "732" all work.

Search and Browse

Enter a CWE ID in the search box to instantly view detailed information including description, consequences, mitigation strategies, detection methods, code examples, and relationships to other CWEs. Browse the Top 25 list to explore the most critical weaknesses.

Frequently Asked Questions

Common questions about the CWE Lookup Tool

CWE is a community-developed list of software and hardware security weakness types maintained by MITRE. It provides a common language for describing security vulnerabilities in architecture, design, or code. CWE helps developers, security researchers, and tools identify and prevent security weaknesses before they become exploitable vulnerabilities.

⚠️ Security Notice

This tool is provided for educational and authorized security testing purposes only. Always ensure you have proper authorization before testing any systems or networks you do not own. Unauthorized access or security testing may be illegal in your jurisdiction. All processing happens client-side in your browser - no data is sent to our servers.